Abstract image of a woman sitting on books and studying on a laptop

Web Application Penetration

Download as PPTX, PDF
R
Reza Rashidi

This document summarizes topics related to web application security. It discusses what security and computer security are, defines web application security, and introduces the OWASP Top 10 list of vulnerabilities. The list includes injection, broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfiguration, cross-site scripting, insecure deserialization, use of vulnerable components, and insufficient logging and monitoring. The document also covers some vulnerabilities specific to React applications, such as XSS issues via dangerouslySetInnerHTML and attacker-controlled props.

Technology
1 of 56
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
Web Application Penetration 1 Pr. Saeed Alam
Mohammad Saber 2 Reza Duty Rd313.ir
3 Topics • What is Security • What is computer security • Web application security • OWASP • OWASP Top ten vulnerability • React Vulnerability
4 What is Security ?
5 What is Security Security is freedom from, or resilience against, potential harm (or other unwanted coercive change) caused by others
6 What is Computer Security ?
7 What is Computer Security Computer security, cybersecurity or information technology security (IT security) is the protection of computer systems from theft or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.
8 Web Application Security
9 Web application security Web application security is a branch of information security that deals specifically with security of websites, web applications and web services. At a high level, web application security draws on the principles of application security but applies them specifically to internet and web systems.
10 Web application security
11 OWASP
12 OWASP
13 OWASP Top Ten Vulnerability 1-injection
14 OWASP Top Ten Vulnerability 1-Injection
15 OWASP Top Ten Vulnerability 1-Injection
16 OWASP Top Ten Vulnerability 1-Injection
17 OWASP Top Ten Vulnerability 2-Broken Authentication
18 OWASP Top Ten Vulnerability 2-Broken Authentication
19 OWASP Top Ten Vulnerability 2-Broken Authentication
20 OWASP Top Ten Vulnerability 2-Broken Authentication
21 OWASP Top Ten Vulnerability 3-Sensitive Data Exposure
22 OWASP Top Ten Vulnerability 3-Sensitive Data Exposure
23 OWASP Top Ten Vulnerability 3-Sensitive Data Exposure
24 OWASP Top Ten Vulnerability 4-XML External Entities
25 OWASP Top Ten Vulnerability 4-XML External Entities
26 OWASP Top Ten Vulnerability 4-XML External Entities
27 OWASP Top Ten Vulnerability 4-XML External Entities
28 OWASP Top Ten Vulnerability 5-Broken Access Control
29 OWASP Top Ten Vulnerability 5-Broken Access Control
30 OWASP Top Ten Vulnerability 5-Broken Access Control
31 OWASP Top Ten Vulnerability 5-Broken Access Control
32 OWASP Top Ten Vulnerability 6-Security Misconfiguration
33 OWASP Top Ten Vulnerability 6-Security Misconfiguration
34 OWASP Top Ten Vulnerability 6-Security Misconfiguration
35 OWASP Top Ten Vulnerability 7-Cross Site Scripting(XSS)
36 OWASP Top Ten Vulnerability 7-Cross Site Scripting(XSS)
37 OWASP Top Ten Vulnerability 7-Cross Site Scripting(XSS)
38 OWASP Top Ten Vulnerability 7-Cross Site Scripting(XSS)
39 OWASP Top Ten Vulnerability 8-Insecure Deserialization
40 OWASP Top Ten Vulnerability 8-Insecure Deserialization
41 OWASP Top Ten Vulnerability 8-Insecure Deserialization
42 OWASP Top Ten Vulnerability 9-Using Components with Known Vulnerabilities
43 OWASP Top Ten Vulnerability 9-Using Components with Known Vulnerabilities
44 OWASP Top Ten Vulnerability 9-Using Components with Known Vulnerabilities
45 OWASP Top Ten Vulnerability 10-Insufficient Logging&Monitoring
46 OWASP Top Ten Vulnerability 10-Insufficient Logging&Monitoring
47 OWASP Top Ten Vulnerability 10-Insufficient Logging&Monitoring
48 React Vulnerability
49 React Vulnerability ReactJS is quite safe by design since ● String variables in views are escaped automatically ● With JSX you pass a function as the event handler, rather than a string that can contain malicious code But …
50 React Vulnerability
51 React Vulnerability XSS via dangerouslySetInnerHTML
52 React Vulnerability XSS via a.href attribute
53 React Vulnerability XSS via a.href(base64 encoded data)
54 React Vulnerability XSS via attacker controlled props
55 Any Question?
56 Resources ● owasp ● slideshare.net/kseniadmitrieva ● stackoverflow.com/questions/33644499/

More Related Content

PDF
The Next Generation Security
Cybera Inc.
 
PDF
Owasp and friends
Mažvydas Skuodas
 
PDF
GECon2017_ Security testing and selenium tests can you do one using the other...
GECon_Org Team
 
PPTX
[Cisco Connect 2018 - Vietnam] Eric rennie sw cisco_connect
Nur Shiqim Chok
 
PPTX
Assume breach, layered security in Azure tested and explained
Martyn Coupland
 
PDF
Secure Coding for Java - An Introduction
Sebastien Gioria
 
PDF
Equifax & Apache Struts Vulnerability CVE-2017-5638
Black Duck by Synopsys
 
PPTX
Design highly available and secure system
Andi Pangeran
 
The Next Generation Security
Cybera Inc.
 
Owasp and friends
Mažvydas Skuodas
 
GECon2017_ Security testing and selenium tests can you do one using the other...
GECon_Org Team
 
[Cisco Connect 2018 - Vietnam] Eric rennie sw cisco_connect
Nur Shiqim Chok
 
Assume breach, layered security in Azure tested and explained
Martyn Coupland
 
Secure Coding for Java - An Introduction
Sebastien Gioria
 
Equifax & Apache Struts Vulnerability CVE-2017-5638
Black Duck by Synopsys
 
Design highly available and secure system
Andi Pangeran
 

What's hot (16)

PDF
Cisco connect winnipeg 2018 anatomy of an attack
Cisco Canada
 
PPTX
Hacking liferay
Armel Nene
 
PPTX
ISO 27k talk for django meet up
Viren Rajput
 
PDF
Anatomy Of An Attack
Cisco Canada
 
PPTX
CLUSIR INFONORD OWASP iot 2014
Sebastien Gioria
 
PDF
Re solution - corona virus cyber security infographic
Jacob Tranter
 
PPTX
WordPress Security - What to do, What NOT to do
WordPress Trivandrum
 
PDF
Secure Coding For Java - Une introduction
Sebastien Gioria
 
PDF
certificate
Shivaditya Tapna
 
PPTX
ALPSP Conference - Pierre Montagano - Code Ocean - Sept 14 2017
Code Ocean
 
PDF
42 minutes to secure your code....
Sebastien Gioria
 
PDF
Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threat
Vladyslav Radetsky
 
PDF
2014_EMTieghi_Industrial_Security-templateSERVI
Enzo M. Tieghi
 
PDF
OWASP, PHP, life and universe
Sebastien Gioria
 
PDF
Mod Security
Abhishek Singh
 
PPTX
شهادات تاهلية1
Salem Salem
 
Cisco connect winnipeg 2018 anatomy of an attack
Cisco Canada
 
Hacking liferay
Armel Nene
 
ISO 27k talk for django meet up
Viren Rajput
 
Anatomy Of An Attack
Cisco Canada
 
CLUSIR INFONORD OWASP iot 2014
Sebastien Gioria
 
Re solution - corona virus cyber security infographic
Jacob Tranter
 
WordPress Security - What to do, What NOT to do
WordPress Trivandrum
 
Secure Coding For Java - Une introduction
Sebastien Gioria
 
certificate
Shivaditya Tapna
 
ALPSP Conference - Pierre Montagano - Code Ocean - Sept 14 2017
Code Ocean
 
42 minutes to secure your code....
Sebastien Gioria
 
Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threat
Vladyslav Radetsky
 
2014_EMTieghi_Industrial_Security-templateSERVI
Enzo M. Tieghi
 
OWASP, PHP, life and universe
Sebastien Gioria
 
Mod Security
Abhishek Singh
 
شهادات تاهلية1
Salem Salem
 
Ad

Similar to Web Application Penetration (20)

PDF
Web Security
Gerald Villorente
 
PDF
OWASP Bulgaria
Zero Science Lab
 
PDF
[OWASP-Bulgaria] G. Geshev - Chapter Introductory Lecture
G. Geshev
 
PPTX
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk
 
PDF
Application Security on a Dime: A Practical Guide to Using Functional Open So...
POSSCON
 
PPTX
A Closer Look at Isolation: Hype or Next Gen Security?
MenloSecurity
 
PPT
OWASP an Introduction
alessiomarziali
 
PPTX
Looking Forward… and Beyond - Distinctiveness Through Security Excellence
Ludovic Petit
 
PPTX
OWASP
Pen Testeronyguy
 
PPTX
GDG Dev Fest 2014 Cyber Security & Bangladesh (Raffiqunnabi Rumman )
Md Raffiqunnabi Rumman
 
PPT
OWASP_Top_10_Introduction_and_Remedies_2017.ppt
jangomanso
 
PDF
Cyber Security and Cloud Computing
Keet Sugathadasa
 
PPTX
Using a Network Model to Address SANS Critical Controls 10 and 11
Skybox Security
 
PDF
2014 09-04-pj
Sébastien GIORIA
 
PPTX
Java application security the hard way - a workshop for the serious developer
Steve Poole
 
PDF
SAP (in)security: New and best
ERPScan
 
PPTX
How Malware Works - Understanding Software Vulnerabilities
Bunmi Sowande
 
PDF
OWASP Top 10 2007 for JavaEE
Magno Logan
 
PDF
OWASP (Open Web Application Security Project) .pdf
kavsinghta
 
PDF
Automatic detction of web apps vulnerability
임채호 박사님
 
Web Security
Gerald Villorente
 
OWASP Bulgaria
Zero Science Lab
 
[OWASP-Bulgaria] G. Geshev - Chapter Introductory Lecture
G. Geshev
 
Splunk Enterprise for InfoSec Hands-On Breakout Session
Splunk
 
Application Security on a Dime: A Practical Guide to Using Functional Open So...
POSSCON
 
A Closer Look at Isolation: Hype or Next Gen Security?
MenloSecurity
 
OWASP an Introduction
alessiomarziali
 
Looking Forward… and Beyond - Distinctiveness Through Security Excellence
Ludovic Petit
 
OWASP
Pen Testeronyguy
 
GDG Dev Fest 2014 Cyber Security & Bangladesh (Raffiqunnabi Rumman )
Md Raffiqunnabi Rumman
 
OWASP_Top_10_Introduction_and_Remedies_2017.ppt
jangomanso
 
Cyber Security and Cloud Computing
Keet Sugathadasa
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Skybox Security
 
2014 09-04-pj
Sébastien GIORIA
 
Java application security the hard way - a workshop for the serious developer
Steve Poole
 
SAP (in)security: New and best
ERPScan
 
How Malware Works - Understanding Software Vulnerabilities
Bunmi Sowande
 
OWASP Top 10 2007 for JavaEE
Magno Logan
 
OWASP (Open Web Application Security Project) .pdf
kavsinghta
 
Automatic detction of web apps vulnerability
임채호 박사님
 
Ad

Recently uploaded (20)

PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Unlock new opportunities with location data.pdf
Precisely
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
What is a Computer? Input Devices /output devices
GulJan8
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Five Habits of High-Impact Board Members
OnBoard
 

Web Application Penetration